Stolen passwords through Zoom, access to Obama’s Twitter account and, just last month, using Grindr with somebody else's account: hacking is becoming more and more prominent in our daily lives. But what about the good guys, the ethical hackers who report a flaw in your code? Here’s what we can learn from the Grindr data breach.
Massive security flaw at Grindr
So, this was an awkward story. Grindr, a dating app for the LGBTQ+ community, has fixed a massive security vulnerability which was found (and reported) by Wassime Bouimadaghene, a French security officer. What happened? Well, to reset a password, Grindr sends the user an email with a link that includes a reset token. If you click it, you can change your password. Pretty basic. But the reset page was leaking password reset tokens to the browser! So anyone with a clever set of brains could just take the link, reset a password and enjoy the Grindr account of somebody else.
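To make the flaw concrete, here is an added example (not Grindr's code, and not from the original post) of a minimal password-reset service in two versions: the leaky pattern, where the endpoint that requests a reset hands the token straight back to the browser, next to a hardened version where the token travels only inside the email, the server stores just a hash of it, and it expires and is single-use. The class names, the `example.test` link, the 15-minute lifetime and the in-memory user store are all assumptions made for the example.

```python
"""Added example: a leaky password-reset flow next to a hardened one.
Everything here (names, link, policy, storage) is constructed for illustration."""
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed policy: reset links expire after 15 minutes


class OutboundMail:
    """Stand-in for an email sender; records what would have been sent."""
    def __init__(self):
        self.sent = []  # list of (recipient, link)

    def send(self, to, link):
        self.sent.append((to, link))


def hash_password(password, salt=None):
    """Salted PBKDF2 for the stored password (stdlib only; argon2/bcrypt in production)."""
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class LeakyResetService:
    """The anti-pattern: the API that *requests* a reset returns the token in
    its response, so whoever submits a victim's email address also receives
    the token, without ever seeing the victim's inbox."""
    def __init__(self, users, mail):
        self.users, self.mail, self.tokens = users, mail, {}

    def request_reset(self, email):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = email
        self.mail.send(email, f"https://example.test/reset?token={token}")
        return {"status": "ok", "token": token}   # <-- the leak


class HardenedResetService:
    """The token leaves the server only inside the email; the store keeps a
    SHA-256 of it; it expires; and it is consumed on first use."""
    def __init__(self, users, mail, now=time.time):
        self.users, self.mail, self.now = users, mail, now
        self.pending = {}   # sha256(token) -> (email, expires_at)

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, email):
        # Same generic response whether or not the account exists, so the
        # endpoint cannot be used to enumerate accounts.
        if email in self.users:
            token = secrets.token_urlsafe(32)
            self.pending[self._hash(token)] = (email, self.now() + TOKEN_TTL_SECONDS)
            self.mail.send(email, f"https://example.test/reset?token={token}")
        return {"status": "ok"}

    def complete_reset(self, token, new_password):
        # pop() makes the token single-use even if the attempt fails below
        entry = self.pending.pop(self._hash(token), None)
        if entry is None:
            return False
        email, expires_at = entry
        if self.now() > expires_at:
            return False
        self.users[email] = hash_password(new_password)
        return True
```

The important difference is not the token generation (both use a random 256-bit value) but where the token is allowed to appear: in the hardened version the only copy in plaintext is the one in the email, and even a dump of the `pending` store yields only hashes that cannot be turned back into usable links.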
Wassime turned out to be one of the good guys. He contacted Grindr and notified them about the vulnerability. What happened next? Nothing, really. They ignored him several (!) times. That’s why he contacted a fellow ethical hacker who also writes about security online, Troy Hunt, who decided to write a blog post about it. It was only after this publication that Grindr finally reacted and patched the vulnerability. So, what can we learn from this incident?
Not every hacker means you harm
There are still lots of good (ethical) hackers: for example, security officers who look for security flaws at various companies, as a hobby or for a living. If they find any vulnerabilities, they contact the company, explain how they were able to enter the system, and provide solutions to stop others from doing the same. It’s quite common for them to charge for the results of their detective work.
Do not – I repeat – do not ignore a possible vulnerability
The awkward part of the Grindr story is not only the vulnerability itself. The way they handled the report could have been better: dealing directly with the hacker would have fixed the problem sooner, and it would not have ended up published on a blog. So, if a person tells you that the security of your website should be improved, it’s best to investigate.
This is how you investigate a security breach or vulnerability
A security breach happens when the underlying security controls are bypassed, leading to unauthorized access to private information. For example, if a hacker ‘breaks in’, he or she may be able to access personal accounts, data and billing information. Common forms of attack that lead to a breach are malware (viruses), phishing, DDoS, password attacks and ransomware. If you’re aware of, or have been notified about, a security breach, this is what you can do, in chronological order:
- Form a team and assign tasks: what do you need to check?
- Contact the outsider who found your vulnerability: what’s going on and what are their intentions?
- Start checking: your data, your log files, and who has access to which data
- Continue checking: did anybody create a new account? How did they do it?
- Contain the problem: it’s essential not to let it spread
- Whatever you found, investigate the best way to fix the problem
- Determine the severity of the breach
And, in severe cases:
- Notify the victims and possibly legal institutions
- Agree on a communication strategy, both for your employees and for the public
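As an added example of the "start checking", "continue checking" and "determine the severity" steps above (not part of the original post), the script below triages a constructed audit log from a password-reset service: it flags resets that were completed without a matching request or from a different address than the one that requested them, lists new accounts created from any flagged address, and derives a rough severity. The log format, field names, usernames, IP addresses and the severity heuristic are all assumptions made for this example.

```python
"""Added example: triage of a constructed password-reset audit log.
Format, field names, addresses and the severity heuristic are assumptions."""
from collections import defaultdict

# Constructed sample log: one '<timestamp> key=value ...' record per line.
SAMPLE_LOG = """\
2020-10-01T10:00:00Z event=reset_requested user=alice ip=203.0.113.10
2020-10-01T10:01:30Z event=reset_completed user=alice ip=203.0.113.10
2020-10-01T10:05:00Z event=reset_requested user=bob ip=198.51.100.7
2020-10-01T10:05:20Z event=reset_completed user=bob ip=192.0.2.44
2020-10-01T10:06:00Z event=reset_completed user=carol ip=192.0.2.44
2020-10-01T10:07:00Z event=account_created user=newuser9 ip=192.0.2.44
2020-10-01T10:08:00Z event=account_created user=dave ip=203.0.113.77
"""


def parse_line(line):
    """Turn '<ts> k=v k=v ...' into a dict; None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 2:
        return None
    record = {"ts": parts[0]}
    for kv in parts[1:]:
        if "=" not in kv:
            return None
        key, value = kv.split("=", 1)
        record[key] = value
    return record if "event" in record and "user" in record else None


def triage(log_text):
    """Flag hijack-looking resets, link new accounts to the flagged addresses
    and assign a severity (heuristic assumed for this example)."""
    requested_ip = {}            # user -> address that asked for the reset
    suspicious = {}              # user -> (completing address, reason)
    created = defaultdict(list)  # address -> [accounts created from it]
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue  # a real run would count and report unparseable lines
        user, ip, event = rec["user"], rec.get("ip", "?"), rec["event"]
        if event == "reset_requested":
            requested_ip[user] = ip
        elif event == "reset_completed":
            origin = requested_ip.pop(user, None)
            if origin is None:
                suspicious[user] = (ip, f"reset completed from {ip} with no prior request")
            elif origin != ip:
                suspicious[user] = (ip, f"reset requested from {origin} but completed from {ip}")
        elif event == "account_created":
            created[ip].append(user)

    flagged_ips = {ip for ip, _ in suspicious.values()}
    linked_accounts = [u for ip in flagged_ips for u in created.get(ip, [])]
    if suspicious and linked_accounts:
        severity = "high"    # accounts taken over *and* new accounts from the same source
    elif suspicious:
        severity = "medium"  # takeovers without signs of persistence
    else:
        severity = "low"
    return {
        "suspicious_resets": {u: reason for u, (_, reason) in suspicious.items()},
        "flagged_ips": sorted(flagged_ips),
        "linked_new_accounts": sorted(linked_accounts),
        "severity": severity,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for user, reason in report["suspicious_resets"].items():
        print(f"{user}: {reason}")
    print("new accounts from flagged addresses:", report["linked_new_accounts"])
    print("severity:", report["severity"])
```

The output of a script like this feeds the "contain" and "notify" steps directly: the `suspicious_resets` keys are the accounts to lock and contact, and the `linked_new_accounts` are the ones to review before they are allowed to stay.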
Top-notch security with Tilaa
At Tilaa we take security very seriously, because we understand the value of (personal) data. That is why we are fully certified to store your data and your customers’ data in our data center. Want to know more about the security measures we take? Have a look!